From 72065fb8351b54eee5f1928c18e06ad81aa9b502 Mon Sep 17 00:00:00 2001 
From: Dries Buytaert <dries@buytaert.net> Date: Wed, 20 Jun 2001 20:00:40 +0000 Subject: [PATCH] - Added a brand-new access.module which allows you to manage 'roles' (groups) and 'permissions' ... (inspired by Zope's system). + Once installed, click the help-link for more information. + See updates/2.00-to-x.xx.sql for the SQL updates. - Modified loads of code to use our new access.module. The system still has to mature though: new permissions have to be added and existing permissions need stream-lining. Awaiting suggestions. - As a direct result of the new access system, I had to rewrite the way the top-level links in admin.php are rendered and displayed, and xhtml-ified admin.php while I was at it. TODO - Home-brewed modules need updating, home-brewed themes do not. (Examples: file.module, trip_link.module) - As soon as we have *finished* the refactoring of the user system (KJ has been working on this refactoring already) we should consider embedding this role and permission code into account.module ...
--- account.php | 2 +- admin.php | 43 ++++--- includes/comment.inc | 148 ++++++++++++---------- includes/common.inc | 8 +- includes/node.inc | 2 +- includes/theme.inc | 4 +- includes/user.inc | 18 ++- index.php | 13 +- modules/account.module | 182 +++++++++++---------------- modules/aggregator.module | 104 ++++++++------- modules/aggregator/aggregator.module | 104 ++++++++------- modules/block.module | 42 ++++--- modules/block/block.module | 42 ++++--- modules/book.module | 43 +++++-- modules/book/book.module | 43 +++++-- modules/box.module | 70 ++++++----- modules/comment.module | 44 ++++--- modules/comment/comment.module | 44 ++++--- modules/conf.module | 46 ++++--- modules/cvs.module | 33 +++-- modules/diary.module | 114 +++++++++-------- modules/forum.module | 35 +++--- modules/forum/forum.module | 35 +++--- modules/import.module | 104 ++++++++------- modules/locale.module | 49 +++++--- modules/locale/locale.module | 49 +++++--- modules/meta.module | 78 +++++++----- modules/moderate.module | 70 ++++++----- modules/module.module | 46 ++++--- modules/node.module | 146 +++++++++++---------- modules/node/node.module | 146 +++++++++++---------- modules/page.module | 4 +- modules/page/page.module | 4 +- modules/poll.module | 6 +- modules/poll/poll.module | 6 +- modules/queue.module | 8 +- modules/rating.module | 20 ++- modules/story.module | 4 +- modules/story/story.module | 4 +- modules/watchdog.module | 36 ++++-- modules/watchdog/watchdog.module | 36 ++++-- node.php | 98 ++++++++------- search.php | 55 ++++---- submit.php | 4 +- updates/2.00-to-x.xx.sql | 13 ++ 45 files changed, 1241 insertions(+), 964 deletions(-) diff --git a/account.php b/account.php index 52f8c2a244ef..4d3a800cc815 100644 --- a/account.php +++ b/account.php 
@@ -269,7 +269,7 @@ function account_create_submit($userid, $email) { $new[passwd] = user_password(); $new[hash] = substr(md5("$new[userid]. ". time()), 0, 12); - $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash])); + $user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "role" => "authenticated user", "status" => 1, "hash" => $new[hash])); $link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]"; $subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal"))); diff --git a/admin.php b/admin.php index 4a359ad91498..ffc4cdfccb14 100644 --- a/admin.php +++ b/admin.php @@ -2,9 +2,6 @@ include_once "includes/common.inc"; -// validate user access: -if (!user_access($user)) exit(); - function status($message) { if ($message) return "<B>Status:</B> $message<HR>\n"; } 
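Review bot: The confirmation link built right after the changed user_save() call interpolates `$new[userid]` into the query string without urlencode(), whereas the parallel link in account_save() in this same patch uses `urlencode($edit[userid])`; a username containing `&`, `#` or a space yields a link whose name and hash parameters are mis-parsed. Change it to `$link = path_uri() ."account.php?op=confirm&name=". urlencode($new[userid]) ."&hash=$new[hash]";`. Separately, the hash on the line above is the md5 of the userid plus time() truncated to 12 hex characters, which is guessable by anyone who knows roughly when the account was registered; that predates this patch, but a random source would be preferable. account_create_submit() continues outside the hunk.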
@@ -14,33 +11,43 @@ function admin_page($mod) { function module($name) { global $menu, $user; - if (function_exists($name. "_admin") && user_access($user, $name)) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | "; + if (module_hook($name, "admin")) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | "; $menu .= $output; } ?> - <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> - <HTML> - <HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD> - <STYLE> + <html> + <head> + <title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title> + </head> + <style> body { font-family: helvetica, arial; } h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; } h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; } h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; } th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; } td { font-family: helvetica, arial; } - </STYLE> - <BODY BGCOLOR="#FFFFFF" LINK="#005599" VLINK="#004499" ALINK="#FF0000"> - <H1>Administration</H1> - <?php module_iterate("module"); ?> - <HR><?php echo $menu; ?><A HREF="index.php">home</A><HR> - <?php if (user_access($user, $mod)) module_invoke($mod, "admin"); ?> - </BODY> - </HTML> + </style> + <body bgcolor="#FFFFFF" link="#005599" vlink="#004499" alink="#FF0000"> + <h1>Administration</h1> + <?php + foreach (module_list() as $name) { + if (module_hook($name, "admin")) $links[] = "<a href=\"admin.php?mod=$name\">$name</a>"; + } + $links[] = "<a href=\"index.php\">home</a>"; + + print implode(" | ", $links) ."<hr />"; + + if ($mod) module_invoke($mod, "admin"); + ?> + </body> + </html> <?php } -user_rehash(); -admin_page($mod); +if (user_access($user, "access administration pages")) { + user_rehash(); + admin_page($mod); +} ?> \ No newline at end of file 
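Review bot: `module_invoke($mod, "admin")` is now reached with a request-supplied `$mod` guarded only by the page-level `access administration pages` check; the old per-module `user_access($user, $mod)` gate before the invoke is gone, so every module's `_admin` hook must enforce its own permission, and any that does not (the commit message says home-brewed modules still need updating) becomes reachable by anyone holding that single permission. At minimum restrict `$mod` to known modules: `if ($mod && in_array($mod, module_list()) && module_hook($mod, "admin")) module_invoke($mod, "admin");`. Also the guard added at the bottom of the file has no else branch, so a denied user gets a blank page instead of `message_access()`.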
diff --git a/includes/comment.inc b/includes/comment.inc index cf49b49e6906..e7f14cb0673a 100644 --- a/includes/comment.inc +++ b/includes/comment.inc @@ -50,16 +50,16 @@ function comment_settings($mode, $order, $threshold) { function comment_form($edit) { global $REQUEST_URI, $user; - // Name field: + // name field: $form .= form_item(t("Your name"), format_username($user->userid)); - // Subject field: + // subject field: $form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60); - // Comment field: + // comment field: $form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", ""))); - // Preview button: + // preview button: $form .= form_hidden("pid", check_input($edit[pid])); $form .= form_hidden("id", check_input($edit[id])); @@ -87,7 +87,12 @@ function comment_reply($pid, $id) { $pid = 0; } - $theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id))); + if (user_access($user, "post comments")) { + $theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id))); + } + else { + $theme->box(t("Reply"), t("You are not authorized to post comments.")); + } } function comment_preview($edit) { 
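Review bot: The added `user_access($user, "post comments")` check in comment_reply() depends on `$user` being in scope, but the function's opening (before the hunk) only visibly needs `$theme`; if it does not declare `$user` as global, `$user` is unset here, user_access() skips the role's perm string and falls through to the anonymous-role lookup, so logged-in users are judged by anonymous permissions. Make sure the declaration reads `global $theme, $user;`. The function header is outside the hunk.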
@@ -102,24 +107,26 @@ function comment_preview($edit) { function comment_post($edit) { global $theme, $user; - // check comment submission rate: - throttle("post comment", variable_get(max_comment_rate, 60)); + if (user_access($user, "post comments")) { + // check comment submission rate: + throttle("post comment", variable_get(max_comment_rate, 60)); - // check for duplicate comments: - $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0); + // check for duplicate comments: + $duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0); - if ($duplicate != 0) { - watchdog("warning", "comment: duplicate '$subject'"); - } - else { - // validate subject: - $subject = ($subject) ? $subject : substr($comment, 0, 29); + if ($duplicate != 0) { + watchdog("warning", "comment: duplicate '$subject'"); + } + else { + // validate subject: + $subject = ($subject) ? $subject : substr($comment, 0, 29); - // add watchdog entry: - watchdog("special", "comment: added '$subject'"); + // add watchdog entry: + watchdog("special", "comment: added '$subject'"); - // add comment to database: - db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); + // add comment to database: + db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". 
check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')"); + } } } 
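Review bot: When the caller lacks `post comments`, comment_post() now returns without any output, unlike comment_reply() which prints `t("You are not authorized to post comments.")`; add an `else { $theme->box(t("Reply"), t("You are not authorized to post comments.")); }` so the user gets the same feedback. Inside the granted branch both watchdog() calls log `$subject`, which is never assigned from `$edit[subject]` (the duplicate branch logs an empty name, the other derives it from an unassigned `$comment`) unless register_globals happens to supply them; `$subject = $edit[subject] ? $edit[subject] : substr($edit[comment], 0, 29);` placed before the duplicate check would fix both log lines.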
@@ -250,68 +257,71 @@ function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) { } function comment_render($lid, $cid) { - global $theme, $REQUEST_URI, $user; + global $user, $theme, $REQUEST_URI; - // Pre-process variables: - $lid = empty($lid) ? 0 : $lid; - $cid = empty($cid) ? 0 : $cid; - $mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4); - $order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1); - $threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3); + if (user_access($user, "view comments")) { - if ($user->id) { - // Comment control: - $theme->box(t("Comment control"), comment_controls($threshold, $mode, $order)); + // Pre-process variables: + $lid = empty($lid) ? 0 : $lid; + $cid = empty($cid) ? 0 : $cid; + $mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4); + $order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1); + $threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3); - // Print moderation form: - print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n"; - } + if ($user->id) { + // Comment control: + $theme->box(t("Comment control"), comment_controls($threshold, $mode, $order)); - if ($cid > 0) { - $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'"); - if ($comment = db_fetch_object($result)) { - comment_view($comment, comment_link($comment)); + // Print moderation form: + print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n"; } - } - else { - if ($mode == 1) { - $result = comment_query($lid, $order); - print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; - print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n"; - while ($comment = db_fetch_object($result)) { - if (comment_visible($comment, $threshold)) { - print " <TR><TD><A HREF=\"". 
comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n"; - } + + if ($cid > 0) { + $result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'"); + if ($comment = db_fetch_object($result)) { + comment_view($comment, comment_link($comment)); } - print "</TABLE>\n"; } - else if ($mode == 2) { - $result = comment_query($lid, $order); - while ($comment = db_fetch_object($result)) { - comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + else { + if ($mode == 1) { + $result = comment_query($lid, $order); + print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n"; + print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n"; + while ($comment = db_fetch_object($result)) { + if (comment_visible($comment, $threshold)) { + print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n"; + } + } + print "</TABLE>\n"; } - } - else if ($mode == 3) { - $result = comment_query($lid, $order, 0); - while ($comment = db_fetch_object($result)) { - comment_view($comment); - comment_thread_min($comment->cid, $threshold); + else if ($mode == 2) { + $result = comment_query($lid, $order); + while ($comment = db_fetch_object($result)) { + comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + } } - } - else { - $result = comment_query($lid, $order, 0); - while ($comment = db_fetch_object($result)) { - comment_view($comment, (comment_visible($comment, $threshold) ? 
comment_link($comment, 0) : 0)); - comment_thread_max($comment->cid, $mode, $threshold, $level + 1); + else if ($mode == 3) { + $result = comment_query($lid, $order, 0); + while ($comment = db_fetch_object($result)) { + comment_view($comment); + comment_thread_min($comment->cid, $threshold); + } + } + else { + $result = comment_query($lid, $order, 0); + while ($comment = db_fetch_object($result)) { + comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0)); + comment_thread_max($comment->cid, $mode, $threshold, $level + 1); + } } } - } - if ($user->id) { - // Print moderation form: - print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n"; - print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n"; - print "</FORM>\n"; + if ($user->id) { + // Print moderation form: + print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n"; + print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n"; + print "</FORM>\n"; + } } } diff --git a/includes/common.inc b/includes/common.inc index 2fc7c8a426b2..778f87a39011 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -25,7 +25,7 @@ function watchdog($type, $message) { function throttle($type, $rate) { global $user; - if (!user_access($user)) { + if (!user_access($user, "access administration pages")) { if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) { watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type"); die(message_throttle()); 
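Review bot: `$cid` reaches `WHERE cid = '$cid'` unescaped; the preceding `$cid > 0` test does not make it numeric (PHP compares a string such as `1' OR '1'='1` as a number), so a crafted cid value from a comment link alters the query. Cast it on the pre-processing line, `$cid = empty($cid) ? 0 : (int) $cid;`, and likewise `$lid`, which comment_query() receives. Separately, the whole body was re-indented under the new `if (user_access(...))`; an early `return` when the permission is missing would have kept this a two-line change, and a denied user currently gets no message at all, unlike comment_reply().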
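Review bot: The throttle exemption is now keyed to `access administration pages`, so every role granted that permission also escapes the submission rate limit, not just users who had the old admin flag; if the intent is to exempt only site administrators, a dedicated permission for the exemption would avoid overloading the admin-page one. Also `$type` is interpolated into the watchdog query unescaped, though every visible caller passes a literal.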
@@ -46,8 +46,8 @@ function path_img() { return "./images/"; } -function message_account() { - return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it."); +function message_access() { + return t("You are not authorized to access to this page."); } function message_throttle() { @@ -136,7 +136,7 @@ function format_date($timestamp, $type = "medium", $format = "") { function format_username($username) { global $user; - if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>"); + if ($username) return (user_access($user, "add and edit user accounts") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>"); else return variable_get(anonymous, "Anonymous"); } diff --git a/includes/node.inc b/includes/node.inc index 20c47cde6d3f..affb4437126f 100644 --- a/includes/node.inc +++ b/includes/node.inc @@ -236,7 +236,7 @@ function node_index($node) { function node_visible($node) { global $user, $status; - return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node"); + return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "add and edit nodes"); } function node_access($account, $node) { diff --git a/includes/theme.inc b/includes/theme.inc index ff0e9316752c..68c2d5adfc62 100644 --- a/includes/theme.inc +++ b/includes/theme.inc 
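Review bot: The new message text `"You are not authorized to access to this page."` has a stray "to"; change it to `return t("You are not authorized to access this page.");`. Because the string is also the t() lookup key, any translation entry has to be updated with it.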
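Review bot: `user_access($user, $node->type)` in node_visible() passes a node type name where a permission name is expected, and since user_access() in this patch matches permissions with strstr()/LIKE, a type such as `page` is "granted" to anyone holding `access administration pages`, making that type's unpublished nodes visible to them. Keep type names out of the permission check: rely on `user_access($user, "add and edit nodes")` alone, or have each type's module declare an explicit permission string through its `_perm` hook and test that instead. node_access() follows this function outside the hunk.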
@@ -59,9 +59,9 @@ function theme_account($theme) { $content .= "<A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A><BR>\n"; $content .= "<P>\n"; - if (user_access($user)) { + if (user_access($user, "access administration pages")) { $content .= "<A HREF=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</A><BR>\n"; - $content .= "<P>\n"; + $content .= "<P>\n"; } foreach (module_list() as $name) { diff --git a/includes/user.inc b/includes/user.inc index 73d3243bde8a..2abdf094ac09 100644 --- a/includes/user.inc +++ b/includes/user.inc @@ -3,14 +3,14 @@ class User { function User($userid, $passwd = 0) { if ($passwd) { - $result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2"); + $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') AND status = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); } } else { - $result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2"); + $result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE u.userid = '$userid' AND u.status = 2"); if (db_num_rows($result) == 1) { foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; } db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id"); 
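Review bot: The rewritten login query still interpolates `$userid` and `$passwd` straight into SQL (`LOWER('$userid')`, `PASSWORD('$passwd')`), and the else branch does the same with `$userid`; unless every caller pre-escapes them (magic_quotes or check_input(), neither visible here), a quote in the username or password changes the WHERE clause of the authentication query. Escape both before interpolation with addslashes(), which account_save() in this same patch already uses, e.g. `$userid = addslashes($userid); $passwd = addslashes($passwd);` at the top of the constructor. The User class body continues outside the hunk.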
@@ -52,10 +52,16 @@ function user_save($account, $array) { return user_load(($account->userid ? $account->userid : $array[userid])); } -function user_access($account, $section = 0) { - global $user; - if ($section) return (field_get($account->access, $section) || $account->id == 1); - else return ($account->access || $account->id == 1); +function user_access($account, $perm) { + if ($account->id == 1) { + return 1; + } + else if ($account->perm) { + return strstr($account->perm, $perm); + } + else { + return db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user' AND perm LIKE '%$perm%'")); + } } function user_ban($mask, $type) { diff --git a/index.php b/index.php index fcdd9df6e824..980756098707 100644 --- a/index.php +++ b/index.php @@ -4,12 +4,19 @@ page_header(); -$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); $theme->header(); -while ($node = db_fetch_object($result)) { - node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1); + +if (user_access($user, "view content")) { + $result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10))); + while ($node = db_fetch_object($result)) { + node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1); + } +} +else { + $theme->box("Access denied", message_access()); } + $theme->footer(); page_footer(); 
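Review bot: The new user_access() treats a permission as granted whenever its name appears as a substring — `strstr($account->perm, $perm)` for a role's perm string and `perm LIKE '%$perm%'` for the anonymous role — so a permission whose name is contained in another (or a node type name passed in by node_visible(), e.g. `page` inside `access administration pages`) is granted by accident, and an empty `$perm` matches every anonymous-role row via `LIKE '%%'`, which is exactly what any legacy `user_access($user)` caller mentioned in the commit message now passes. Splitting `role.perm` on its delimiter and comparing whole entries closes both holes; `$perm` is a code literal in every visible caller, but it is still interpolated into SQL unescaped. The delimiter below is assumed to be a comma and must match what access.module stores, which this patch does not show.
```php
function user_access($account, $perm) {
  if ($account->id == 1) {
    return 1;
  }
  if (!$perm) {
    return 0;
  }
  if ($account->perm) {
    $perms = $account->perm;
  }
  else {
    $role = db_fetch_object(db_query("SELECT perm FROM role WHERE name = 'anonymous user'"));
    $perms = $role ? $role->perm : "";
  }
  // NOTE: the separator must match what access.module writes into role.perm
  return in_array($perm, array_map("trim", explode(",", $perms)));
}
```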
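Review bot: The denied branch in index.php passes the literal `"Access denied"` as the box title while every other user-facing string in this patch goes through t(); use `$theme->box(t("Access denied"), message_access());`. Both branches still fall through to `$theme->footer()` and `page_footer()`, so the page stays well-formed either way.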
diff --git a/modules/account.module b/modules/account.module index ff1e131af481..45cb32722584 100644 --- a/modules/account.module +++ b/modules/account.module @@ -32,6 +32,10 @@ function account_help() { <?php } +function account_perm() { + return array("add and edit user accounts"); +} + function account_conf_options() { $output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators."); return $output; @@ -41,7 +45,7 @@ function account_search($keys) { global $user; $result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20"); while ($account = db_fetch_object($result)) { - $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid); + $find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "add and edit user accounts") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid); } return $find; } @@ -99,15 +103,6 @@ function account_overview($query = array()) { return $output; } -function account_access($account) { - $data = explode(",", $account->access); - foreach ($data as $array) { - $access = explode("=", $array); - if ($access[0]) $output .= " $access[0]"; - } - return $output; -} - function account_blocks($id) { $result = db_query("SELECT * FROM layout WHERE user = '$id'"); while ($layout = db_fetch_object($result)) { 
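Review bot: The changed line in account_search() only swaps the permission name, but the query two lines above it still drops `$keys` into `userid LIKE '%$keys%'` unescaped; unless search.php sanitises `$keys` before calling it (not visible here), a quote in the search term alters the query. Escape it at the point of use, `$keys = addslashes($keys);`, as account_save() does for its values.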
@@ -143,24 +138,11 @@ function account_delete($name) { } function account_form($account = 0) { - global $access; - - function access($name) { - global $access, $account; - if (module_hook($name, "admin")) $access[$name] = $name; - } - module_iterate("access"); - - $account->access = explode(",", $account->access); - foreach ($account->access as $key=>$value) { - $account->access[$key] = substr($value, 0, -2); - } $form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : ""; $form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15); - $form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open")); - $form .= form_select(t("Administrator access"), "access", $account->access, $access, 0, "multiple=\"true\" size=\"10\""); -// $form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>"); + $form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open")); + $form .= form_select(t("Role"), "role", $account->role, access_get_roles()); $form .= form_textfield(t("Real name"), "name", $account->name, 30, 55); $form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55); $form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55); 
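Review bot: Dropping the `($account->status ? $account->status : 1)` default changes what the Status select shows for a new account: `$account->status` is unset there, so the first option `blocked` is preselected instead of `not confirmed`, and account_save() then stores `$edit[status]` unchanged — an administrator who does not touch the select creates a blocked account while the confirmation mail is still sent. Keep the default, `$form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));`, or set it in account_add(). account_form() continues outside the hunk.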
@@ -179,18 +161,8 @@ function account_save($edit) { if ($edit[id]) { // Updating existing account foreach ($edit as $key=>$value) { - if ($key != "access") { $query .= "$key = '". addslashes($value) ."', "; - } } - - if ($edit[access]) { - foreach ($edit[access] as $key=>$value) { - $access = field_set($access, $value, 1); - } - } - $query .= "access = '$access'"; - db_query("UPDATE users SET $query WHERE id = $edit[id]"); watchdog("account", "account: modified user '$edit[userid]'"); return $edit[userid]; @@ -208,14 +180,7 @@ function account_save($edit) { $edit[passwd] = user_password(); $edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12); - if ($edit[access]) { - foreach ($edit[access] as $key=>$value) { - $access = field_set($access, $value, 1); - } - $edit[access] = $access; - } - - $user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash])); + $user = user_save("", array("userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash])); $link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]"; $subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal"))); @@ -231,8 +196,6 @@ function account_save($edit) { } function account_edit($name) { - $status = array("blocked", "not confirmed", "open"); - $result = db_query("SELECT * FROM users WHERE userid = '$name'"); if ($account = db_fetch_object($result)) { 
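Review bot: Removing the `$query .= "access = '$access'"` line leaves `$query` ending in `", "`, because the loop appends a separator after every key and that line was what terminated the list; the UPDATE now reads `SET a = '...', b = '...',  WHERE id = ...` and fails with a syntax error for every existing-account save. Strip it before the query, `$query = substr($query, 0, -2);`, or collect the assignments in an array and implode(", ") them. Note also that every `$edit` key now becomes a column name (the old loop at least skipped `access`), so the form's field names are the only thing limiting which user columns an account editor can write.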
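Review bot: `$edit[role]` is stored on the new account exactly as submitted, without being checked against `access_get_roles()` (which account_form() uses to build the select), so a typo or a stale role name yields a user whose LEFT JOIN on role returns no perm and who is then judged by anonymous permissions in user_access(). Validate before saving, e.g. `if (!in_array($edit[role], access_get_roles())) $edit[role] = "authenticated user";` — assuming access_get_roles() returns role names, which this patch does not show. The same applies to the update path in the preceding hunk.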
@@ -258,7 +221,7 @@ function account_view($name) { $output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n"; $output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n"; $output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n"; - $output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n"; + $output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n"; $output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n"; $output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n"; $output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n"; 
@@ -280,72 +243,77 @@ function account_view($name) { } function account_query($type = "") { - $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC")); + $queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC")); return ($queries[$type] ? $queries[$type] : $queries); } function account_admin() { - global $op, $edit, $id, $mod, $keys, $order, $name, $query; - - print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>"; - - $query = $query ? $query : 0; - $name = $name ? 
$name : $edit[name]; - - switch ($op) { - case "access": - print account_ac(); - break; - case "Add rule": - print status(account_ac_add($edit)); - print account_ac(); - break; - case "Check": - print status(account_ac_check($edit)); - print account_ac(); - break; - case "delete": - print status(account_ac_del($id)); - print account_ac(); - break; - case "Delete account": - print status(account_delete($name)); - print account_overview(account_query($query)); - break; - case "add": - print account_add(); - break; - case "Edit account": - case "edit": - print account_edit($name); - break; - case "help": - print account_help(); - break; - case "listing": - print node_listing(account_query()); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case "Save account": - $name = account_save($edit); - if ($name) - print account_view($name); - else { - foreach ($edit as $key=>$value) { - $account->$key = $value; + global $user, $op, $edit, $id, $mod, $keys, $order, $name, $query; + + if (user_access($user, "add and edit user accounts")) { + print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>"; + + $query = $query ? $query : 0; + $name = $name ? 
$name : $edit[name]; + + switch ($op) { + case "access": + print account_ac(); + break; + case "Add rule": + print status(account_ac_add($edit)); + print account_ac(); + break; + case "Check": + print status(account_ac_check($edit)); + print account_ac(); + break; + case "delete": + print status(account_ac_del($id)); + print account_ac(); + break; + case "Delete account": + print status(account_delete($name)); + print account_overview(account_query($query)); + break; + case "add": + print account_add(); + break; + case "Edit account": + case "edit": + print account_edit($name); + break; + case "help": + print account_help(); + break; + case "listing": + print node_listing(account_query()); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case "Save account": + $name = account_save($edit); + if ($name) + print account_view($name); + else { + foreach ($edit as $key=>$value) { + $account->$key = $value; + } + print account_form($account); } - print account_form($account); - } - break; - case "View account": - case "view": - print account_view($name); - break; - default: - print account_overview(account_query($query)); + break; + case "View account": + case "view": + print account_view($name); + break; + default: + print account_overview(account_query($query)); + } + } + else { + print message_access(); } } diff --git a/modules/aggregator.module b/modules/aggregator.module index 460084c4485c..8befa5beb9e1 100644 --- a/modules/aggregator.module +++ b/modules/aggregator.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { 
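Review bot: Wrapping the entire switch in account_admin() in `if (user_access($user, "add and edit user accounts"))` re-indents every case and makes the hunk hard to review; a guard at the top, `if (!user_access($user, "add and edit user accounts")) { print message_access(); return; }`, gives the same behaviour with a two-line change. The gate is right for the visible ops, but note that `delete` (access rule) and `Delete account` act on `$id`/`$name` taken from request globals with no confirmation token, so a crafted link can trigger them for a logged-in administrator.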
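Review bot: The hook added to modules/aggregator.module is named `import_perm()`, matching the `import_` prefix of the rest of this file, while the diffstat shows modules/import.module receiving the identical change; if module_hook()/module_invoke() derive the function name from the module's file name, the `aggregator` copy's `import_perm` (and its `import_admin`) would never be found and `add and edit news feeds` would not be registered for it. Either the copy is meant to be reached only under the name `import`, or its functions need an `aggregator_` prefix; the patch does not show which.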
@@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> 
| <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module index 460084c4485c..8befa5beb9e1 100644 --- a/modules/aggregator/aggregator.module +++ b/modules/aggregator/aggregator.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { 
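Review bot: The user_access() gate added at the top of import_admin() protects only this dispatcher; import_remove(), import_update(), import_save_feed() and import_save_bundle() stay unguarded, so any other code path that reaches them bypasses the new permission. If they are only ever called from here that is acceptable, but a one-line comment on each, `// caller must hold "add and edit news feeds" (checked in import_admin)`, would make that contract explicit. The permission literal is also now spelled twice, once in import_perm() and once in this check, and any drift between the two leaves the page permanently denied; the same duplication appears in block_admin(), box_admin(), comment_admin(), conf_admin() and diary_admin(), and this whole hunk is repeated in modules/aggregator/aggregator.module.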
@@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> 
| <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/block.module b/modules/block.module index 108ee645cb1d..0de1f0146c3d 100644 --- a/modules/block.module +++ b/modules/block.module @@ -9,6 +9,10 @@ function block_help() { <?php } +function block_perm() { + return array("add and edit blocks"); +} + function block_admin_save($edit) { foreach ($edit as $key=>$value) { db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'"); 
@@ -99,24 +103,28 @@ function block_admin_preview() { } function block_admin() { - global $op, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - block_help(); - break; - case "preview": - block_admin_preview(); - break; - case "Save blocks": - block_admin_save($edit); - // fall through - default: - block_admin_display(); + global $user, $op, $edit; + + if (user_access($user, "add and edit blocks")) { + print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + block_help(); + break; + case "preview": + block_admin_preview(); + break; + case "Save blocks": + block_admin_save($edit); + // fall through + default: + block_admin_display(); + } + } + else { + print message_access(); } - } ?> diff --git a/modules/block/block.module b/modules/block/block.module index 108ee645cb1d..0de1f0146c3d 100644 --- a/modules/block/block.module +++ b/modules/block/block.module @@ -9,6 +9,10 @@ function block_help() { <?php } +function block_perm() { + return array("add and edit blocks"); +} + function block_admin_save($edit) { foreach ($edit as $key=>$value) { db_query("UPDATE blocks SET region = '". check_input($value[region]) ."', status = '". check_input($value[status]) ."', weight = '". check_input($value[weight]) ."' WHERE name = '". check_input($key) ."'"); 
@@ -99,24 +103,28 @@ function block_admin_preview() { } function block_admin() { - global $op, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - block_help(); - break; - case "preview": - block_admin_preview(); - break; - case "Save blocks": - block_admin_save($edit); - // fall through - default: - block_admin_display(); + global $user, $op, $edit; + + if (user_access($user, "add and edit blocks")) { + print "<SMALL><A HREF=\"admin.php?mod=block\">configure</A> | <A HREF=\"admin.php?mod=block&op=preview\">preview</A> | <A HREF=\"admin.php?mod=block&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + block_help(); + break; + case "preview": + block_admin_preview(); + break; + case "Save blocks": + block_admin_save($edit); + // fall through + default: + block_admin_display(); + } + } + else { + print message_access(); } - } ?> diff --git a/modules/book.module b/modules/book.module index 87e6bff58c2f..138b5e5a786b 100644 --- a/modules/book.module +++ b/modules/book.module @@ -9,6 +9,10 @@ function Book($book) { } } +function book_perm() { + return array("maintain book structure"); +} + function book_status() { return array(dumped, expired, queued, posted); } 
@@ -69,7 +73,7 @@ function book_search($keys) {
 global $status, $user;
 $result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
 while ($node = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
+ $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
 }
 return $find;
 }
@@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
 $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
 // add root node:
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
 $toc[0] = " ";
 }
@@ -126,7 +130,7 @@ function book_form($edit = array()) {
 $form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
 $form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
 $form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
 }
@@ -152,7 +156,7 @@ function book_save($edit) {
 if (!$edit[nid]) {
 node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
 }
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
 node_save($edit, array(body, log, parent, title, type => "book", weight));
 }
 }
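Review bot: book_save() now requires `add and edit nodes` only on the update branch; the `if (!$edit[nid])` branch above it still calls node_save() with no permission check at all. If that is deliberate because new pages are parked for moderation (`status => variable_get("book_status", $status[queued])`), a comment should say so, e.g. `// new pages need no permission: book_status queues them for moderation`; otherwise the create path needs a gate as well. book_save's opening line lies outside the hunk (it appears only in the hunk header), and the same hunk is repeated in modules/book/book.module.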
@@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) { } function book_admin() { - print book_tree(); + global $user; + if (user_access($user, "maintain book structure")) { + print book_tree(); + } + else { + print message_access(); + } } function book_page() { - global $status, $theme; + global $user, $status, $theme; - $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); + if (user_access($user, "view content")) { + $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); - while ($node = db_fetch_object($result)) { - $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; - } + while ($node = db_fetch_object($result)) { + $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; + } - $theme->header(); - $theme->box(t("Handbook"), "<DL>$output</DL>"); - $theme->footer(); + $theme->header(); + $theme->box(t("Handbook"), "<DL>$output</DL>"); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function book_edit($id) { diff --git a/modules/book/book.module b/modules/book/book.module index 87e6bff58c2f..138b5e5a786b 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -9,6 +9,10 @@ function Book($book) { } } +function book_perm() { + return array("maintain book structure"); +} + function book_status() { return array(dumped, expired, queued, posted); } 
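Review bot: book_perm() declares only `maintain book structure`, yet book_page() now checks `view content` and book_search(), book_toc(), book_form() and book_save() check `add and edit nodes`, neither of which this module declares; presumably node.module's _perm() provides them, which makes book.module's access control depend on that module being present. A comment in book_perm(), `// "view content" and "add and edit nodes" are declared by node.module`, would record the dependency, or book_perm() could declare them itself if the permission registry tolerates duplicates. The same applies to the copy of this hunk in modules/book/book.module.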
@@ -69,7 +73,7 @@ function book_search($keys) {
 global $status, $user;
 $result = db_query("SELECT n.*, u.userid FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid LEFT JOIN users u ON n.author = u.id WHERE n.type = 'book' AND n.status = '$status[posted]' AND (n.title LIKE '%". check_input($keys) ."%' OR b.body LIKE '%". check_input($keys) ."%') ORDER BY n.timestamp DESC LIMIT 20");
 while ($node = db_fetch_object($result)) {
- $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "book") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
+ $find[$i++] = array("title" => check_output($node->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=book&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->userid, "date" => $node->timestamp);
 }
 return $find;
 }
@@ -92,7 +96,7 @@ function book_toc($parent = "", $indent = "", $toc = array()) {
 $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE n.type = 'book' AND n.status = '$status[posted]' AND ". book_parent_query($parent) ." ORDER BY b.weight");
 // add root node:
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
 $toc[0] = " ";
 }
@@ -126,7 +130,7 @@ function book_form($edit = array()) {
 $form .= form_textarea(t("Content"), "body", $edit[body], 70, 20, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
 $form .= form_textarea(t("Log message"), "log", $edit[log], 70, 5, t("An explanation of the additions or updates being made to help the group understand your motivations."));
- if (user_access($user, "book")) {
+ if (user_access($user, "add and edit nodes")) {
 $form .= form_select(t("Weight"), "weight", $edit[weight], array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30), t("The heavier nodes will sink and the lighter nodes will be positioned nearer the top."));
 }
@@ -152,7 +156,7 @@ function book_save($edit) {
 if (!$edit[nid]) {
 node_save($edit, array(author => $user->id, body, comment => variable_get("book_comment", 0), log, moderate => variable_get("book_moderate", ""), parent, pid, promote => variable_get("book_promote", 0), score => 0, status => variable_get("book_status", $status[queued]), timestamp => time(), title, type => "book", votes => 0, weight));
 }
- else if (user_access($user)) {
+ else if (user_access($user, "add and edit nodes")) {
 node_save($edit, array(body, log, parent, title, type => "book", weight));
 }
 }
@@ -204,21 +208,34 @@ function book_tree($parent = "", $depth = 0) { } function book_admin() { - print book_tree(); + global $user; + if (user_access($user, "maintain book structure")) { + print book_tree(); + } + else { + print message_access(); + } } function book_page() { - global $status, $theme; + global $user, $status, $theme; - $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); + if (user_access($user, "view content")) { + $result = db_query("SELECT n.*, b.* FROM node n LEFT JOIN book b ON n.nid = b.nid AND n.lid = b.lid WHERE b.parent = 0 AND n.status = $status[posted] ORDER BY b.weight"); - while ($node = db_fetch_object($result)) { - $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; - } + while ($node = db_fetch_object($result)) { + $output .= "<DT><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A></DT><DD>". check_output($node->body, 1) ."<BR><BR></DD>"; + } - $theme->header(); - $theme->box(t("Handbook"), "<DL>$output</DL>"); - $theme->footer(); + $theme->header(); + $theme->box(t("Handbook"), "<DL>$output</DL>"); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function book_edit($id) { diff --git a/modules/box.module b/modules/box.module index 5ae9aa538bf6..025007620467 100644 --- a/modules/box.module +++ b/modules/box.module @@ -29,6 +29,10 @@ function box_help() { <?php } +function box_perm() { + return array("add and edit boxes"); +} + function box_block() { $result = db_query("SELECT * FROM boxes ORDER BY subject"); $i = 0; 
@@ -142,36 +146,42 @@ function box_admin_save($id, $subject, $content, $info, $link, $type) { } function box_admin() { - global $op, $id, $subject, $content, $info, $link, $type; - - print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "Add box": - box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); - box_admin_display(); - box_admin_rehash(); - break; - case "Save box": - box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); - box_admin_display(); - box_admin_rehash(); - break; - case "help": - box_help(); - break; - case "add": - box_admin_new(); - break; - case "edit": - box_admin_edit(check_input($id)); - break; - case "delete": - box_admin_delete(check_input($id)); - box_admin_rehash(); - // fall through - default: - box_admin_display(); + global $user, $op, $id, $subject, $content, $info, $link, $type; + + if (user_access($user, "add and edit boxes")) { + + print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "Add box": + box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); + box_admin_display(); + box_admin_rehash(); + break; + case "Save box": + box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type)); + box_admin_display(); + box_admin_rehash(); + break; + case "help": + box_help(); + break; + case "add": + box_admin_new(); + break; + case "edit": + box_admin_edit(check_input($id)); + break; + case "delete": + box_admin_delete(check_input($id)); + box_admin_rehash(); 
+ // fall through + default: + box_admin_display(); + } + } + else { + print message_access(); } } diff --git a/modules/comment.module b/modules/comment.module index 24b156443d3c..ad9924603c71 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -4,11 +4,15 @@ function comment_search($keys) { global $user; $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); + $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); } return $find; } +function comment_perm() { + return array("view comments", "post comments", "edit comments"); +} + function comment_edit($id) { global $REQUEST_URI; 
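Review bot: comment_search() interpolates `$keys` straight into the LIKE clause (`c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%'`), whereas book_search() in this same commit passes the term through check_input(); the two should match, `WHERE c.subject LIKE '%". check_input($keys) ."%' OR c.comment LIKE '%". check_input($keys) ."%'`. The changed line also checks `edit user comments`, a name that comment_perm() a few lines below does not declare (it lists `view comments`, `post comments`, `edit comments`) and that comment_admin() does not use, so unless another module declares it the admin edit link can never be shown; `edit comments` looks like the intended name. Both points apply equally to the duplicate hunk in modules/comment/comment.module, and the unescaped `$keys` also appears in diary_search() in modules/diary.module.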
@@ -42,24 +46,30 @@ function comment_overview() { } function comment_admin() { - global $op, $id, $edit, $mod, $keys, $order; + global $user, $op, $id, $edit, $mod, $keys, $order; - print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + if (user_access($user, "edit comments")) { - switch ($op) { - case "edit": - print comment_edit($id); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case t("Submit"): - print status(comment_save(check_input($id), $edit)); - print comment_overview(); - break; - default: - print comment_overview(); + print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + + switch ($op) { + case "edit": + print comment_edit($id); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case t("Submit"): + print status(comment_save(check_input($id), $edit)); + print comment_overview(); + break; + default: + print comment_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/comment/comment.module b/modules/comment/comment.module index 24b156443d3c..ad9924603c71 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module 
@@ -4,11 +4,15 @@ function comment_search($keys) { global $user; $result = db_query("SELECT c.*, u.userid FROM comments c LEFT JOIN users u ON c.author = u.id WHERE c.subject LIKE '%$keys%' OR c.comment LIKE '%$keys%' ORDER BY c.timestamp DESC LIMIT 20"); while ($comment = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "comment") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); + $find[$i++] = array("title" => check_output($comment->subject), "link" => (user_access($user, "edit user comments") ? "admin.php?mod=comment&op=edit&id=$comment->cid" : "node.php?id=$comment->lid&cid=$comment->cid"), "user" => $comment->userid, "date" => $comment->timestamp); } return $find; } +function comment_perm() { + return array("view comments", "post comments", "edit comments"); +} + function comment_edit($id) { global $REQUEST_URI; 
@@ -42,24 +46,30 @@ function comment_overview() { } function comment_admin() { - global $op, $id, $edit, $mod, $keys, $order; + global $user, $op, $id, $edit, $mod, $keys, $order; - print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + if (user_access($user, "edit comments")) { - switch ($op) { - case "edit": - print comment_edit($id); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case t("Submit"): - print status(comment_save(check_input($id), $edit)); - print comment_overview(); - break; - default: - print comment_overview(); + print "<SMALL><A HREF=\"admin.php?mod=comment\">overview</A> | <A HREF=\"admin.php?mod=comment&op=search\">search comment</A></SMALL><HR>\n"; + + switch ($op) { + case "edit": + print comment_edit($id); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case t("Submit"): + print status(comment_save(check_input($id), $edit)); + print comment_overview(); + break; + default: + print comment_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/conf.module b/modules/conf.module index 4a03a1a99eda..ba55d82b6ed1 100644 --- a/modules/conf.module +++ b/modules/conf.module @@ -12,6 +12,10 @@ function conf_help() { <?php } +function conf_perm() { + return array("edit configuration options"); +} + function conf_view_options() { global $conf, $cmodes, $corder, $themes; 
@@ -97,24 +101,30 @@ function conf_view($type) { } function conf_admin() { - global $edit, $op, $type; - - print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - conf_help(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print conf_view($type); - break; - case "Save configuration": - print status(conf_save($edit)); - print conf_view($type); - break; - default: - print conf_view($type); + global $user, $edit, $op, $type; + + if (user_access($user, "edit configuration options")) { + + print "<SMALL><A HREF=\"admin.php?mod=conf&type=options\">site settings</A> | <A HREF=\"admin.php?mod=conf&type=filter\">content filters</A> | <A HREF=\"admin.php?mod=conf&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + conf_help(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print conf_view($type); + break; + case "Save configuration": + print status(conf_save($edit)); + print conf_view($type); + break; + default: + print conf_view($type); + } + } + else { + print message_access(); } } diff --git a/modules/cvs.module b/modules/cvs.module index 7eefac3de609..cc81a12e68ed 100644 --- a/modules/cvs.module +++ b/modules/cvs.module @@ -1,5 +1,9 @@ <?php +function cvs_perm() { + return array("view CVS messages"); +} + function cvs_cron() { if (time() - variable_get("cvs_cron_last", 0) > variable_get("cvs_cron_time", time())) { variable_set("cvs_cron_last", time()); 
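Review bot: `edit configuration options` gates both the site settings and the content filters (`type=filter`) reachable from the menu printed in conf_admin(), so anyone holding it can change what content is filtered site-wide, which makes this permission effectively administrator-level. A comment in conf_perm() such as `// effectively full site administration: covers content filters as well as settings` would stop role designers from treating it as a low-risk grant. The blank line immediately after `if (user_access(...)) {` is a small style wobble relative to block_admin() and comment_admin(), which open the block directly; the same blank appears in import_admin() and box_admin().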
@@ -22,20 +26,27 @@ function cvs_conf_options() {
 }
 function cvs_page() {
- global $theme;
+ global $user, $theme;
- $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
+ if (user_access($user, "view CVS messages")) {
+ $result = db_query("SELECT * FROM cvs ORDER BY timestamp DESC LIMIT 50");
- while ($cvs = db_fetch_object($result)) {
- $output .= "<b>File:</b> $cvs->files<br />";
- $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
- $output .= "<b>User:</b> $cvs->user<br />";
- $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
- }
+ while ($cvs = db_fetch_object($result)) {
+ $output .= "<b>File:</b> $cvs->files<br />";
+ $output .= "<b>Date:</b> ". format_date($cvs->timestamp) ."<br />";
+ $output .= "<b>User:</b> $cvs->user<br />";
+ $output .= "\n". nl2br(htmlentities($cvs->message)) ."<hr />";
+ }
- $theme->header();
- $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
- $theme->footer();
+ $theme->header();
+ $theme->box("CVS commit messages", "<div style=\"font-family: monospace;\">$output</div>");
+ $theme->footer();
+ }
+ else {
+ $theme->header();
+ $theme->box(t("Access denied"), message_access());
+ $theme->footer();
+ }
 }
 ?>
\ No newline at end of file
diff --git a/modules/diary.module b/modules/diary.module
index 9cfb21c47f1d..a186161cee80 100644
--- a/modules/diary.module
+++ b/modules/diary.module
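Review bot: In the re-indented loop, `$cvs->files` and `$cvs->user` are written into the page unescaped while `$cvs->message` goes through htmlentities(); whatever populates the cvs table (not visible here), the three fields should be treated alike, `$output .= "<b>File:</b> ". htmlentities($cvs->files) ."<br />";` and `$output .= "<b>User:</b> ". htmlentities($cvs->user) ."<br />";`. `$output` is also appended to without being initialised, so `$output = "";` before the while loop would make the empty-table case explicit. cvs_page() is wholly inside the hunk.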
@@ -1,10 +1,14 @@
 <?php
+function diary_perm() {
+ return array("view diary entries", "edit diary entries");
+}
+
 function diary_search($keys) {
 global $user;
 $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id WHERE d.text LIKE '%$keys%' ORDER BY d.timestamp DESC LIMIT 20");
 while ($diary = db_fetch_object($result)) {
- $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "diary") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
+ $find[$i++] = array("title" => "$diary->userid's diary", "link" => (user_access($user, "edit diary entries") ? "admin.php?mod=diary&op=edit&id=$diary->id" : "module.php?mod=diary&op=view&name=$diary->userid"), "user" => $diary->userid, "date" => $diary->timestamp);
 }
 return $find;
@@ -13,25 +17,31 @@ function diary_search($keys) { function diary_page_overview($num = 20) { global $theme, $user; - $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num"); - - while ($diary = db_fetch_object($result)) { - if ($time != date("F jS", $diary->timestamp)) { - $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n"; - $time = date("F jS", $diary->timestamp); + if (user_access($user, "view diary entries")) { + $result = db_query("SELECT d.*, u.userid FROM diaries d LEFT JOIN users u ON d.author = u.id ORDER BY d.timestamp DESC LIMIT $num"); + + while ($diary = db_fetch_object($result)) { + if ($time != date("F jS", $diary->timestamp)) { + $output .= "<B>". $date = t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n"; + $time = date("F jS", $diary->timestamp); + } + $output .= "<DL>\n"; + $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n"; + $output .= " <DL>\n"; + $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". t("more") ."</A> ]</P></DD>\n"; + $output .= " </DL>\n"; + $output .= "</DL>\n"; } - $output .= "<DL>\n"; - $output .= " <DD><P><B>$diary->userid ". t("wrote") .":</B></P></DD>\n"; - $output .= " <DL>\n"; - $output .= " <DD><P>". check_output($diary->text, 1) ."</P><P>[ <A HREF=\"module.php?mod=diary&op=view&name=$diary->userid\">". 
t("more") ."</A> ]</P></DD>\n"; - $output .= " </DL>\n"; - $output .= "</DL>\n"; - } - - $theme->header(); - $theme->box(t("Online diary"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Online diary"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function diary_page_entry($timestamp, $text, $id = 0) { @@ -177,7 +187,7 @@ function diary_page() { diary_page_delete(check_input($id)); diary_page_display(check_input($name)); break; - case "edit": + case "edit": diary_page_edit(check_input($id)); break; case "view": 
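Review bot: The re-indented date-header line keeps a dead inline assignment, `"<B>". $date = t(date("l", $diary->timestamp)) ...`; `$date` is never read afterwards, so the line reads more plainly as `$output .= "<B>". t(date("l", $diary->timestamp)) .", ". t(date("F", $diary->timestamp)) ." ". date("j", $diary->timestamp) ."</B>\n";`. `$time` and `$output` are likewise read before any assignment inside the loop; initialising both to `""` before the while would make the first-iteration behaviour explicit rather than relying on undefined-variable semantics. diary_page_overview() is wholly inside the hunk.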
@@ -299,40 +309,40 @@ function diary_admin_display($order = "date") { function diary_admin() { - global $op, $id, $mod, $keys, $text, $order; - - print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - diary_admin_delete(check_input($id)); - diary_admin_display(); - break; - case "edit": - diary_admin_edit(check_input($id)); - break; - case "help": - diary_help(); - break; - case "search": - print search_form($keys); - print search_data($keys, $mod); - break; - case "Save diary entry": - diary_admin_save(check_input($id), check_input($text)); - diary_admin_display(); - break; - case "Update": - diary_admin_display(check_input($order)); - break; - default: - diary_admin_display(); + global $user, $op, $id, $mod, $keys, $text, $order; + + if (user_access($user, "edit diary entries")) { + + print "<SMALL><A HREF=\"admin.php?mod=diary\">overview</A> | <A HREF=\"admin.php?mod=diary&op=search\">search diary</A> | <A HREF=\"admin.php?mod=diary&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + diary_admin_delete(check_input($id)); + diary_admin_display(); + break; + case "edit": + diary_admin_edit(check_input($id)); + break; + case "help": + diary_help(); + break; + case "search": + print search_form($keys); + print search_data($keys, $mod); + break; + case "Save diary entry": + diary_admin_save(check_input($id), check_input($text)); + diary_admin_display(); + break; + case "Update": + diary_admin_display(check_input($order)); + break; + default: + diary_admin_display(); + } } -} - -function diary_export($uri) { - if ($uri[2] == "diary") { - print "TODO: export diary for user $uri[3]"; + else { + print message_access(); } } diff --git a/modules/forum.module b/modules/forum.module index 61d05f56104b..8bce520e3860 100644 --- a/modules/forum.module +++ b/modules/forum.module 
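Review bot: The removed side of this hunk drops the whole `diary_export($uri)` function, which neither the commit message nor the new side accounts for; if the module loader still invokes an `_export` hook (not visible here), that dispatch now hits a missing function. If the deletion is intended, a sentence in the description, or moving it to a separate commit, would save the next reader a search. The gate itself is consistent with the other admin handlers in the commit, including putting the `help` page behind "edit diary entries".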
@@ -24,9 +24,7 @@ function forum_form($edit = array()) {
 function forum_save($edit) {
 global $user, $status;
 
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0));
 }
 
 function forum_num_comments($nid) {
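Review bot: forum_save now calls node_save unconditionally: the `user_access($user)` guard is removed and nothing on the new side replaces it, so whether an anonymous visitor can create a forum node with `author => $user->id` now depends entirely on the caller (submit.php is in the diffstat but not visible here). queue_page in this same commit keeps `$user->id && user_access(...)` in front of its work; a save path should keep at least an equivalent guard of its own, e.g. `if (!$user->id) return;` before the node_save call, rather than relying on every caller to check. The same removal appears in modules/forum/forum.module and in both copies of page_save in page.module and page/page.module.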
@@ -40,21 +38,28 @@ function forum_last_comment($nid) { } function forum_page() { - global $theme; + global $user, $theme; - $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); + if (user_access($user, "view content")) { + $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); - $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; - $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; - while ($node = db_fetch_object($result)) { - $node = node_get_object(array("nid" => $node->nid)); - $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; - } - $output .= "</TABLE>\n"; + $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; + $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; + while ($node = db_fetch_object($result)) { + $node = node_get_object(array("nid" => $node->nid)); + $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". 
check_output($node->moderate) ."</SMALL></TD></TR>"; + } + $output .= "</TABLE>\n"; - $theme->header(); - $theme->box(t("Discussion forum"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Discussion forum"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } ?> \ No newline at end of file diff --git a/modules/forum/forum.module b/modules/forum/forum.module index 61d05f56104b..8bce520e3860 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -24,9 +24,7 @@ function forum_form($edit = array()) { function forum_save($edit) { global $user, $status; - if (user_access($user)) { - node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); - } + node_save($edit, array(author => $user->id, body, comment => variable_get("forum_comment", 0), moderate => variable_get("forum_moderate", ""), promote => variable_get("forum_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "forum", votes => 0)); } function forum_num_comments($nid) { 
@@ -40,21 +38,28 @@ function forum_last_comment($nid) { } function forum_page() { - global $theme; + global $user, $theme; - $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); + if (user_access($user, "view content")) { + $result = db_query("SELECT nid FROM node WHERE type = 'forum' ORDER BY title"); - $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; - $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; - while ($node = db_fetch_object($result)) { - $node = node_get_object(array("nid" => $node->nid)); - $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". check_output($node->moderate) ."</SMALL></TD></TR>"; - } - $output .= "</TABLE>\n"; + $output .= "<TABLE BORDER=\"0\" CELLSPACING=\"4\" CELLPADDING=\"4\">\n"; + $output .= " <TR><TH>". t("Forum") ."</TH><TH>". t("Comments") ."</TH><TH>". t("Last comment") ."</TH><TH>". t("Moderators") ."</TH></TR>"; + while ($node = db_fetch_object($result)) { + $node = node_get_object(array("nid" => $node->nid)); + $output .= " <TR><TD><A HREF=\"node.php?id=$node->nid\">". check_output($node->title) ."</A><BR><SMALL>". check_output($node->body, 1) ."</SMALL></TD><TD ALIGN=\"center\">". forum_num_comments($node->nid) ."</TD><TD ALIGN=\"center\">". forum_last_comment($node->nid) ."</TD><TD ALIGN=\"center\"><SMALL>". 
check_output($node->moderate) ."</SMALL></TD></TR>"; + } + $output .= "</TABLE>\n"; - $theme->header(); - $theme->box(t("Discussion forum"), $output); - $theme->footer(); + $theme->header(); + $theme->box(t("Discussion forum"), $output); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } ?> \ No newline at end of file diff --git a/modules/import.module b/modules/import.module index 460084c4485c..8befa5beb9e1 100644 --- a/modules/import.module +++ b/modules/import.module @@ -6,6 +6,10 @@ function import_help() { <?php } +function import_perm() { + return array("add and edit news feeds"); +} + function import_cron() { $result = db_query("SELECT * FROM feed"); while ($feed = db_fetch_array($result)) { 
@@ -232,54 +236,60 @@ function import_view_item() { } function import_admin() { - global $op, $id, $type, $edit; - - print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> | <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; - - switch($op) { - case "help": - print import_help(); - break; - case "add": - if ($type == "bundle") - print import_form_bundle(); - else - print import_form_feed(); - break; - case "edit": - if ($type == "bundle") - print import_form_bundle(import_get_bundle($id)); - else - print import_form_feed(import_get_feed($id)); - break; - case "remove": - print status(import_remove(import_get_feed($id))); - print import_view_feed(); - break; - case "update": - print status(import_update(import_get_feed($id))); - print import_view_feed(); - break; - case "Save attributes": - print status(import_save_attributes($edit)); - print import_view_item(); - break; - case "Delete": - $edit[title] = 0; - // fall through: - case "Submit": - if ($type == "bundle") - print status(import_save_bundle($edit)); - else - print status(import_save_feed($edit)); - // fall through: - default: - if ($type == "bundle") - print import_view_bundle(); - else if ($type == "item") - print import_view_item(); - else + global $user, $op, $id, $type, $edit; + + if (user_access($user, "add and edit news feeds")) { + + print "<SMALL><A HREF=\"admin.php?mod=import&type=bundle&op=add\">add new bundle</A> | <A HREF=\"admin.php?mod=import&type=feed&op=add\">add new feed</A> | <A HREF=\"admin.php?mod=import&type=bundle&op=view\">available bundles</A> | <A HREF=\"admin.php?mod=import&type=item&op=view\">available items</A> | <A HREF=\"admin.php?mod=import&op=view\">overview</A> 
| <A HREF=\"admin.php?mod=import&op=help\">help</A></SMALL><HR>"; + + switch($op) { + case "help": + print import_help(); + break; + case "add": + if ($type == "bundle") + print import_form_bundle(); + else + print import_form_feed(); + break; + case "edit": + if ($type == "bundle") + print import_form_bundle(import_get_bundle($id)); + else + print import_form_feed(import_get_feed($id)); + break; + case "remove": + print status(import_remove(import_get_feed($id))); + print import_view_feed(); + break; + case "update": + print status(import_update(import_get_feed($id))); print import_view_feed(); + break; + case "Save attributes": + print status(import_save_attributes($edit)); + print import_view_item(); + break; + case "Delete": + $edit[title] = 0; + // fall through: + case "Submit": + if ($type == "bundle") + print status(import_save_bundle($edit)); + else + print status(import_save_feed($edit)); + // fall through: + default: + if ($type == "bundle") + print import_view_bundle(); + else if ($type == "item") + print import_view_item(); + else + print import_view_feed(); + } + } + else { + print message_access(); } } diff --git a/modules/locale.module b/modules/locale.module index 065468e9c55d..db1e58127275 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_perm() { + return array("add and edit locales"); +} + function locale_conf_options() { return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); } 
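Review bot: `$id` reaches `import_get_feed($id)` and `import_get_bundle($id)` without `check_input`, whereas the diary, locale and node admin handlers gated in this same commit pass `check_input($id)` first. Unless import_get_feed/import_get_bundle escape internally (not visible here), the new permission check is the only thing between the request parameter and the query; `import_get_feed(check_input($id))` would match the sibling modules. This predates the commit, but the hunk rewrites every line of import_admin, so it is the natural place to align it.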
@@ -83,26 +87,31 @@ function locale_overview() { } function locale_admin() { - global $id, $edit, $op; - - print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - print status(locale_delete(check_input($id))); - print locale_overview(); - break; - case "help": - print locale_help(); - break; - case "edit": - print locale_edit(check_input($id)); - break; - case "Save translations": - print locale_save(check_input($id), $edit); - // fall through - default: - print locale_overview(); + global $user, $id, $edit, $op; + + if (user_access($user, "add and edit locales")) { + print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + print status(locale_delete(check_input($id))); + print locale_overview(); + break; + case "help": + print locale_help(); + break; + case "edit": + print locale_edit(check_input($id)); + break; + case "Save translations": + print locale_save(check_input($id), $edit); + // fall through + default: + print locale_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/locale/locale.module b/modules/locale/locale.module index 065468e9c55d..db1e58127275 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -24,6 +24,10 @@ function locale_help() { <?php } +function locale_perm() { + return array("add and edit locales"); +} + function locale_conf_options() { return form_select(t("Locale support"), "locale", variable_get("locale", 0), array("Disabled", "Enabled"), t("Disable locale support if your site does not require translation or internationalization support.")); } 
@@ -83,26 +87,31 @@ function locale_overview() { } function locale_admin() { - global $id, $edit, $op; - - print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "delete": - print status(locale_delete(check_input($id))); - print locale_overview(); - break; - case "help": - print locale_help(); - break; - case "edit": - print locale_edit(check_input($id)); - break; - case "Save translations": - print locale_save(check_input($id), $edit); - // fall through - default: - print locale_overview(); + global $user, $id, $edit, $op; + + if (user_access($user, "add and edit locales")) { + print "<SMALL><A HREF=\"admin.php?mod=locale\">overview</A> | <A HREF=\"admin.php?mod=locale&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "delete": + print status(locale_delete(check_input($id))); + print locale_overview(); + break; + case "help": + print locale_help(); + break; + case "edit": + print locale_edit(check_input($id)); + break; + case "Save translations": + print locale_save(check_input($id), $edit); + // fall through + default: + print locale_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/meta.module b/modules/meta.module index a46857ec1a3b..092bf1d4c7f2 100644 --- a/modules/meta.module +++ b/modules/meta.module @@ -6,6 +6,10 @@ function meta_help() { <?php } +function meta_conf() { + return array("add and edit meta tags"); +} + function meta_form($type, $edit = array()) { $c = db_query("SELECT * FROM collection WHERE types LIKE '%". check_input($type) ."%'"); while ($collection = db_fetch_object($c)) { 
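Review bot: The new hook in meta.module is named `meta_conf()` while every other module in this commit registers its permission through a `_perm()` hook (import_perm, locale_perm, moderate_perm, module_perm, node_perm, queue_perm, rating_perm). If the access module collects permissions by invoking `<module>_perm`, "add and edit meta tags" is never registered and the `user_access($user, "add and edit meta tags")` check in the meta_admin hunk that follows can never be granted, locking everyone out of the meta admin pages. The name also sits next to the `_conf_options` hooks used for settings in locale.module, queue.module and rating.module, which invites confusion. Rename it to `function meta_perm() {`.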
@@ -125,40 +129,46 @@ function meta_overview() { } function meta_admin() { - global $edit, $type, $op, $id; - - print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "add": - if ($type == "collection") - print meta_form_collection(); - else - print meta_form_tag(); - break; - case "edit": - if ($type == "collection") - print meta_form_collection(meta_get_collection($id)); - else - print meta_form_tag(meta_get_tag($id)); - break; - case "help": - print meta_help(); - break; - case "preview": - print meta_preview(); - break; - case "Delete": - $edit[name] = 0; - // fall through: - case "Submit": - if ($type == "collection") - print status(meta_save_collection($edit)); - else - print status(meta_save_tag($edit)); - // fall through: - default: - print meta_overview(); + global $user, $edit, $type, $op, $id; + + if (user_access($user, "add and edit meta tags")) { + + print "<SMALL><A HREF=\"admin.php?mod=meta&type=collection&op=add\">add new collection</A> | <A HREF=\"admin.php?mod=meta&type=tag&op=add\">add new meta-tag</A> | <A HREF=\"admin.php?mod=meta&op=preview\">preview node forms</A> | <A HREF=\"admin.php?mod=meta\">overview</A> | <A HREF=\"admin.php?mod=meta&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "add": + if ($type == "collection") + print meta_form_collection(); + else + print meta_form_tag(); + break; + case "edit": + if ($type == "collection") + print meta_form_collection(meta_get_collection($id)); + else + print meta_form_tag(meta_get_tag($id)); + break; + case "help": + print meta_help(); + break; + case "preview": + print meta_preview(); + break; + case "Delete": + $edit[name] = 0; + // fall through: + case "Submit": + if ($type 
== "collection") + print status(meta_save_collection($edit)); + else + print status(meta_save_tag($edit)); + // fall through: + default: + print meta_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/moderate.module b/modules/moderate.module index c3db8abab134..a75402c3a30d 100644 --- a/modules/moderate.module +++ b/modules/moderate.module @@ -1,5 +1,9 @@ <?php +function moderate_perm() { + return array("access moderation pages"); +} + function moderate_comment_access($cid) { global $user; return db_fetch_object(db_query("SELECT n.moderate FROM comments c LEFT JOIN node n ON c.lid = n.nid WHERE c.cid = '". check_input($cid) ."' AND n.moderate LIKE '%$user->userid%'")); @@ -37,7 +41,7 @@ function moderate_node($edit, $name) { return node_invoke($edit, $name); } else { - return status(t("access denied")); + return status(message_access()); } } @@ -54,7 +58,7 @@ function moderate_comment_edit($id) { return comment_edit($id); } else { - return "access denied"; + return status(message_access()); } } 
@@ -63,41 +67,47 @@ function moderate_comment_save($id, $edit) { return comment_save($id, $edit); } else { - return "access denied"; + return status(message_access()); } } function moderate_admin() { - global $op, $id, $edit, $type; - - switch ($type) { - case "comment": - switch ($op) { - case "edit": - print moderate_comment_edit($id); - break; - case t("Submit"): - print status(moderate_comment_save($id, $edit)); - // fall through: - default: - print moderate_overview(); + global $user, $op, $id, $edit, $type; + + if (user_access($user, "access moderation pages")) { + + switch ($type) { + case "comment": + switch ($op) { + case "edit": + print moderate_comment_edit($id); + break; + case t("Submit"): + print status(moderate_comment_save($id, $edit)); + // fall through: + default: + print moderate_overview(); + } + break; + default: + switch ($op) { + case "edit": + print moderate_node_edit(node_get_array(array("nid" => $id))); + break; + case t("Preview"): + print moderate_node_edit($edit); + break; + case t("Submit"): + print status(moderate_node_save($edit)); + // fall through: + default: + print moderate_overview(); } - break; - default: - switch ($op) { - case "edit": - print moderate_node_edit(node_get_array(array("nid" => $id))); - break; - case t("Preview"): - print moderate_node_edit($edit); - break; - case t("Submit"): - print status(moderate_node_save($edit)); - // fall through: - default: - print moderate_overview(); } } + else { + print message_access(); + } } ?> diff --git a/modules/module.module b/modules/module.module index f118327705d6..71bcc99a766a 100644 --- a/modules/module.module +++ b/modules/module.module @@ -6,6 +6,10 @@ function module_help() { <?php } +function module_perm() { + return array("install and uninstall modules"); +} + function module_admin_rehash() { $result = db_query("SELECT * FROM modules"); while ($module = db_fetch_object($result)) { 
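Review bot: moderate_comment_save now returns `status(message_access())` on the denied path, but moderate_admin prints it as `print status(moderate_comment_save($id, $edit))`, so a denied save is rendered as status(status(...)). moderate_node_save is printed the same way and, if it follows moderate_node (`return status(message_access())` in the previous hunk), has the same double wrap. Either return the bare `message_access()` from the helpers or drop the outer `status()` in moderate_admin, consistently across the three helpers. moderate_comment_save's opening lines are outside this hunk.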
@@ -33,24 +37,30 @@ function module_admin_overview() { } function module_admin() { - global $op, $name; - - print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - module_help(); - break; - case "rehash": - module_rehash($name); - module_admin_overview(); - break; - case "Rehash modules": - module_admin_rehash(); - module_admin_overview(); - break; - default: - module_admin_overview(); + global $user, $op, $name; + + if (user_access($user, "install and uninstall modules")) { + + print "<SMALL><A HREF=\"admin.php?mod=module\">overview</A> | <A HREF=\"admin.php?mod=module&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + module_help(); + break; + case "rehash": + module_rehash($name); + module_admin_overview(); + break; + case "Rehash modules": + module_admin_rehash(); + module_admin_overview(); + break; + default: + module_admin_overview(); + } + } + else { + print message_access(); } } diff --git a/modules/node.module b/modules/node.module index 8e600e8670f9..0b32efb4044e 100644 --- a/modules/node.module +++ b/modules/node.module @@ -26,6 +26,10 @@ function node_help() { } } +function node_perm() { + return array("add and edit nodes"); +} + function node_conf_options() { $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); return $output; 
@@ -260,77 +264,83 @@ function node_edit($node) { } function node_admin() { - global $op, $id, $edit, $query, $type, $keys; + global $user, $op, $id, $edit, $query, $type, $keys; - foreach (module_list() as $name) { - if (module_hook($name, "status") && $name != "node") { - $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + if (user_access($user, "add and edit nodes")) { + + foreach (module_list() as $name) { + if (module_hook($name, "status") && $name != "node") { + $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + } } - } - print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; - - $id = check_input($edit[nid] ? $edit[nid] : $id); - - switch ($op) { - case "add": - print module_invoke($type, "form"); - break; - case "help": - print node_help(); - break; - case "search": - print node_module_find($id); - print search_data($keys, $type); - break; - case "status": - print node_edit_status($id); - break; - case "option": - print node_edit_option($id); - break; - case "attribute": - print node_edit_attribute($id); - break; - case "content": - print node_edit_content(node_get_array(array("nid" => $id)), $type); - break; - case "default": - print node_setting(); - break; - case "delete": - print status(node_delete($id)); - print node_overview($query); - break; - case "listing": - print node_listing(node_query()); - break; - case "Save settings": - print status(conf_save($edit)); - print node_setting(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print node_setting(); - break; - case "Save node": - print node_admin_save($edit); - print node_overview($query); - break; - case "edit": - print 
node_edit(node_get_object(array("nid" => $id))); - break; - case "view": - print node_module_view(node_get_array(array("nid" => $id)), $type); - break; - case "Preview": - print node_edit_content($edit, $type); - break; - case "Submit": - print status(node_save_content($edit, $type)); - // fall through: - default: - print node_overview($query); + print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; + + $id = check_input($edit[nid] ? $edit[nid] : $id); + + switch ($op) { + case "add": + print module_invoke($type, "form"); + break; + case "help": + print node_help(); + break; + case "search": + print node_module_find($id); + print search_data($keys, $type); + break; + case "status": + print node_edit_status($id); + break; + case "option": + print node_edit_option($id); + break; + case "attribute": + print node_edit_attribute($id); + break; + case "content": + print node_edit_content(node_get_array(array("nid" => $id)), $type); + break; + case "default": + print node_setting(); + break; + case "delete": + print status(node_delete($id)); + print node_overview($query); + break; + case "listing": + print node_listing(node_query()); + break; + case "Save settings": + print status(conf_save($edit)); + print node_setting(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print node_setting(); + break; + case "Save node": + print node_admin_save($edit); + print node_overview($query); + break; + case "edit": + print node_edit(node_get_object(array("nid" => $id))); + break; + case "view": + print node_module_view(node_get_array(array("nid" => $id)), $type); + break; + case "Preview": + print node_edit_content($edit, $type); + break; + case "Submit": + print 
status(node_save_content($edit, $type)); + // fall through: + default: + print node_overview($query); + } + } + else { + print message_access(); } } diff --git a/modules/node/node.module b/modules/node/node.module index 8e600e8670f9..0b32efb4044e 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -26,6 +26,10 @@ function node_help() { } } +function node_perm() { + return array("add and edit nodes"); +} + function node_conf_options() { $output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page.")); return $output; 
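Review bot: Inside the new gate `$id` is normalised with `check_input(...)`, but `$edit` is handed raw to `node_admin_save($edit)` and `node_save_content($edit, $type)`, and `$type` goes to `module_invoke($type, "form")` unchecked; unless those helpers escape internally (not visible here), the permission check is the only thing in front of those values. The single permission "add and edit nodes" also covers `delete`, `Save settings` (conf_save) and `Reset to defaults`; the commit message already says permissions need streamlining, so a comment such as `// TODO: delete and settings share the edit permission for now` above the `if (user_access(...))` line would record that. Both points apply equally to the modules/node/node.module copy.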
@@ -260,77 +264,83 @@ function node_edit($node) { } function node_admin() { - global $op, $id, $edit, $query, $type, $keys; + global $user, $op, $id, $edit, $query, $type, $keys; - foreach (module_list() as $name) { - if (module_hook($name, "status") && $name != "node") { - $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + if (user_access($user, "add and edit nodes")) { + + foreach (module_list() as $name) { + if (module_hook($name, "status") && $name != "node") { + $link[] = "<A HREF=\"admin.php?mod=node&type=$name&op=add\">add $name</A>"; + } } - } - print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; - - $id = check_input($edit[nid] ? $edit[nid] : $id); - - switch ($op) { - case "add": - print module_invoke($type, "form"); - break; - case "help": - print node_help(); - break; - case "search": - print node_module_find($id); - print search_data($keys, $type); - break; - case "status": - print node_edit_status($id); - break; - case "option": - print node_edit_option($id); - break; - case "attribute": - print node_edit_attribute($id); - break; - case "content": - print node_edit_content(node_get_array(array("nid" => $id)), $type); - break; - case "default": - print node_setting(); - break; - case "delete": - print status(node_delete($id)); - print node_overview($query); - break; - case "listing": - print node_listing(node_query()); - break; - case "Save settings": - print status(conf_save($edit)); - print node_setting(); - break; - case "Reset to defaults": - print status(conf_default($edit)); - print node_setting(); - break; - case "Save node": - print node_admin_save($edit); - print node_overview($query); - break; - case "edit": - print 
node_edit(node_get_object(array("nid" => $id))); - break; - case "view": - print node_module_view(node_get_array(array("nid" => $id)), $type); - break; - case "Preview": - print node_edit_content($edit, $type); - break; - case "Submit": - print status(node_save_content($edit, $type)); - // fall through: - default: - print node_overview($query); + print "<SMALL>". implode(" | ", $link) ." | <A HREF=\"admin.php?mod=node&op=default\">node settings</A> | <A HREF=\"admin.php?mod=node&op=listing\">node listings</A> | <A HREF=\"admin.php?mod=node&op=search\">search node</A> | <A HREF=\"admin.php?mod=node\">overview</A> | <A HREF=\"admin.php?mod=node&op=help\">help</A></SMALL><HR>\n"; + + $id = check_input($edit[nid] ? $edit[nid] : $id); + + switch ($op) { + case "add": + print module_invoke($type, "form"); + break; + case "help": + print node_help(); + break; + case "search": + print node_module_find($id); + print search_data($keys, $type); + break; + case "status": + print node_edit_status($id); + break; + case "option": + print node_edit_option($id); + break; + case "attribute": + print node_edit_attribute($id); + break; + case "content": + print node_edit_content(node_get_array(array("nid" => $id)), $type); + break; + case "default": + print node_setting(); + break; + case "delete": + print status(node_delete($id)); + print node_overview($query); + break; + case "listing": + print node_listing(node_query()); + break; + case "Save settings": + print status(conf_save($edit)); + print node_setting(); + break; + case "Reset to defaults": + print status(conf_default($edit)); + print node_setting(); + break; + case "Save node": + print node_admin_save($edit); + print node_overview($query); + break; + case "edit": + print node_edit(node_get_object(array("nid" => $id))); + break; + case "view": + print node_module_view(node_get_array(array("nid" => $id)), $type); + break; + case "Preview": + print node_edit_content($edit, $type); + break; + case "Submit": + print 
status(node_save_content($edit, $type));
+ // fall through:
+ default:
+ print node_overview($query);
+ }
+ }
+ else {
+ print message_access();
+ }
 }
diff --git a/modules/page.module b/modules/page.module
index 88739cbb4933..8625230a126a 100644
--- a/modules/page.module
+++ b/modules/page.module
@@ -57,9 +57,7 @@ function page_form($edit = array()) {
 function page_save($edit) {
 global $status, $user;
 
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
 }
 
 ?>
\ No newline at end of file
diff --git a/modules/page/page.module b/modules/page/page.module
index 88739cbb4933..8625230a126a 100644
--- a/modules/page/page.module
+++ b/modules/page/page.module
@@ -57,9 +57,7 @@ function page_form($edit = array()) {
 function page_save($edit) {
 global $status, $user;
 
- if (user_access($user)) {
- node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
- }
+ node_save($edit, array(author => $user->id, body, comment => variable_get("page_comment", 0), format, moderate => variable_get("page_moderate", ""), promote => variable_get("page_promote", 0), score => 0, status => $status[posted], timestamp => time(), title, type => "page", votes => 0));
 }
 
 ?>
\ No newline at end of file
diff --git a/modules/poll.module b/modules/poll.module index f99718e94a89..01b143654cb4 100644 --- a/modules/poll.module +++ b/modules/poll.module @@ -78,7 +78,7 @@ function poll_search($keys) { global $status, $user; $result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20"); while ($poll = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); + $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); } return $find; } @@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) { $active = array(0 => "Closed", 1 => "Active"); - $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0; + $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0; if ($edit[title]) { $form .= poll_view(new Poll(node_preview($edit))); @@ -234,7 +234,7 @@ function poll_save($edit) { if (!$edit[nid]) { $nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => "")); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { $nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll")); db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'"); } 
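Review bot: In poll_save only the edit branch, `else if (user_access($user, "add and edit nodes"))`, is gated; the `if (!$edit[nid])` branch above it, visible as context, saves a new poll with `author => $user->id` and no access check at all. That asymmetry predates the commit, but since this commit is the one deciding who may add nodes, the new-node path should either get the same check or a comment stating that unauthenticated creation into the queue is intended (the status comes from `variable_get("poll_status", $status[queued])`, so that may be the design). The modules/poll/poll.module copy carries the same hunk.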
diff --git a/modules/poll/poll.module b/modules/poll/poll.module index f99718e94a89..01b143654cb4 100644 --- a/modules/poll/poll.module +++ b/modules/poll/poll.module @@ -78,7 +78,7 @@ function poll_search($keys) { global $status, $user; $result = db_query("SELECT n.*, p.* FROM poll p LEFT JOIN node n ON n.nid = p.nid AND n.lid = p.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%') LIMIT 20"); while ($poll = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "poll") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); + $find[$i++] = array("title" => check_output($poll->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=poll&op=edit&id=$poll->nid" : "node.php?id=$poll->nid"), "user" => $poll->userid, "date" => $poll->timestamp); } return $find; } @@ -176,7 +176,7 @@ function poll_form($edit = array(), $nocheck = 0) { $active = array(0 => "Closed", 1 => "Active"); - $admin = ($edit[nid] && user_access($user,"poll")) ? 1 : 0; + $admin = ($edit[nid] && user_access($user, "add and edit nodes")) ? 1 : 0; if ($edit[title]) { $form .= poll_view(new Poll(node_preview($edit))); 
@@ -234,7 +234,7 @@ function poll_save($edit) { if (!$edit[nid]) { $nid = node_save($edit, array(active => 1, attributes => node_attributes_save("poll", $edit), author => $user->id, comment => variable_get("poll_comment", 0), moderate => variable_get("poll_moderate", ""), promote => variable_get("poll_promote", 0), runtime, score => 0, status => variable_get("poll_status", $status[queued]), timestamp => time(), title, type => "poll", votes => 0, voters => "")); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { $nid = node_save($edit, array(active, attributes => node_attributes_save("poll", $edit), runtime, title, type => "poll")); db_query("DELETE FROM poll_choices WHERE nid='" . $nid . "'"); } diff --git a/modules/queue.module b/modules/queue.module index 0eb1684df1fc..3776ee2a3c25 100644 --- a/modules/queue.module +++ b/modules/queue.module @@ -5,6 +5,10 @@ function queue_conf_options() { $output .= form_select(t("Discard entries older than"), "queue_clear", variable_get("queue_clear", 604800), $period, t("The time nodes should be kept in the moderation queue. Older entries will be automatically discarded. Requires crontab.")); return $output; } +function queue_perm() { + return array("access moderation queue"); +} + function queue_cron() { global $status; db_query("UPDATE node SET status = '$status[dumped]' WHERE status = '$status[queued]' AND ". time() ." - timestamp > ". variable_get("queue_clear", 604800)); @@ -110,7 +114,7 @@ function queue_node($id) { function queue_page() { global $id, $op, $theme, $user, $vote; - if ($user->id) { + if ($user->id && user_access($user, "access moderation queue")) { switch($op) { case "Vote"; queue_vote(check_input($id), check_input($vote)); @@ -125,7 +129,7 @@ function queue_page() { } else { $theme->header(); - $theme->box(t("Moderation queue"), message_account()); + $theme->box(t("Moderation queue"), message_access()); $theme->footer(); } } 
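Review bot: The new guard in `queue_page`, `if ($user->id && user_access($user, "access moderation queue"))`, keeps the old identity test in front of the permission, so granting `access moderation queue` to an anonymous role can never take effect here; if that is deliberate (votes are recorded against a user id), say so in place, e.g. `// voting needs a user id, so anonymous roles are excluded even if granted the permission`, otherwise drop `$user->id &&` and let `queue_vote` reject an anonymous caller itself. The same literal appears in `queue_perm` and in this check; a shared constant would avoid a silent mismatch between the hook and the test. `queue_page` continues below the hunk; the second hunk only swaps the denial message.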
diff --git a/modules/rating.module b/modules/rating.module index e4abb066d4bc..164b1eccaff0 100644 --- a/modules/rating.module +++ b/modules/rating.module @@ -1,5 +1,9 @@ <?php +function rating_perm() { + return array("view user ratings"); +} + function rating_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 1000000000 => t("Never")); $output .= form_select(t("Update interval"), "rating_cron_time" , variable_get("rating_cron_time", 86400), $period, t("The update interval for the user ratings. Requires crontab.")); @@ -79,10 +83,18 @@ function rating_list($limit) { } function rating_page() { - global $theme; - $theme->header(); - $theme->box("Top 100 users", rating_list(100)); - $theme->footer(); + global $user, $theme; + + if (user_access($user, "view user ratings")) { + $theme->header(); + $theme->box(t("Top 100 users"), rating_list(100)); + $theme->footer(); + } + else { + $theme->header(); + $theme->box(t("Access denied"), message_access()); + $theme->footer(); + } } function rating_block() { diff --git a/modules/story.module b/modules/story.module index ca9ff6946de3..9773f2af4909 100644 --- a/modules/story.module +++ b/modules/story.module 
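Review bot: The `view user ratings` check is applied only in `rating_page`; `rating_block()` (its header is visible as context right after the hunk) is not touched, so if it also renders `rating_list` into a block, the same data is exposed without the permission check. Either gate the block with the same `user_access($user, "view user ratings")` test or document in `rating_perm` that the permission covers only the full page, e.g. `// "view user ratings" gates rating_page() only; the block is not affected`. The two branches of the new `if`/`else` both repeat `$theme->header()` and `$theme->footer()`; hoisting those and choosing only the box title and content inside the condition would shorten the function.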
@@ -16,7 +16,7 @@ function story_search($keys) { global $status, $user; $result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20"); while ($story = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); + $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); } return $find; } @@ -75,7 +75,7 @@ function story_save($edit) { if (!$edit[nid]) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story")); } } diff --git a/modules/story/story.module b/modules/story/story.module index ca9ff6946de3..9773f2af4909 100644 --- a/modules/story/story.module +++ b/modules/story/story.module 
@@ -16,7 +16,7 @@ function story_search($keys) { global $status, $user; $result = db_query("SELECT n.*, s.* FROM story s LEFT JOIN node n ON n.nid = s.nid AND n.lid = s.lid WHERE n.status = '$status[posted]' AND (n.title LIKE '%$keys%' OR s.abstract LIKE '%$keys%' OR s.body LIKE '%$keys%') LIMIT 20"); while ($story = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "story") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); + $find[$i++] = array("title" => check_output($story->title), "link" => (user_access($user, "add and edit nodes") ? "admin.php?mod=node&type=story&op=edit&id=$story->nid" : "node.php?id=$story->nid"), "user" => $story->userid, "date" => $story->timestamp); } return $find; } @@ -75,7 +75,7 @@ function story_save($edit) { if (!$edit[nid]) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), author => $user->id, body, comment => variable_get("story_comment", 0), moderate => variable_get("story_moderate", ""), promote => variable_get("story_promote", 0), score => 0, status => variable_get("story_status", $status[queued]), timestamp => time(), title, type => "story", votes => 0)); } - else if (user_access($user)) { + else if (user_access($user, "add and edit nodes")) { node_save($edit, array(abstract, attributes => node_attributes_save("story", $edit), body, title, type => "story")); } } diff --git a/modules/watchdog.module b/modules/watchdog.module index 02c7c23ca675..23d4c8d28ddc 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module 
@@ -7,6 +7,10 @@ function watchdog_help() { <?php } +function watchdog_perm() { + return array("access watchdog"); +} + function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never")); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); 
@@ -53,19 +57,25 @@ function watchdog_view($id) { } function watchdog_admin() { - global $op, $id, $type, $order; - - print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - watchdog_help(); - break; - case "view": - print watchdog_view(check_input($id)); - break; - default: - print watchdog_overview($type); + global $user, $op, $id, $type, $order; + + if (user_access($user, "access watchdog")) { + + print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + watchdog_help(); + break; + case "view": + print watchdog_view(check_input($id)); + break; + default: + print watchdog_overview($type); + } + } + else { + print message_access(); } } diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 02c7c23ca675..23d4c8d28ddc 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module 
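Review bot: The whole body of `watchdog_admin` is now nested inside `if (user_access($user, "access watchdog"))`, which pushes the `switch` two levels deep; a guard clause reads better and keeps the diff minimal: `if (!user_access($user, "access watchdog")) { print message_access(); return; }` followed by the unchanged body. The `default` branch still passes `$type` to `watchdog_overview` without the `check_input` that `$id` gets on the `view` branch; that predates this change, but since the function is being reworked it is worth aligning — hedged, as `watchdog_overview` is not visible here. The same edit is duplicated in modules/watchdog/watchdog.module.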
@@ -7,6 +7,10 @@ function watchdog_help() { <?php } +function watchdog_perm() { + return array("access watchdog"); +} + function watchdog_conf_options() { $period = array(3600 => format_interval(3600), 10800 => format_interval(10800), 21600 => format_interval(21600), 32400 => format_interval(32400), 43200 => format_interval(43200), 86400 => format_interval(86400), 172800 => format_interval(172800), 259200 => format_interval(259200), 604800 => format_interval(604800), 1209600 => format_interval(1209600), 2419200 => format_interval(2419200), 1000000000 => t("Never")); $output .= form_select(t("Discard entries older than"), "watchdog_clear", variable_get("watchdog_clear", 604800), $period, t("The time watchdog entries should be kept. Older entries will be automatically discarded. Requires crontab.")); 
@@ -53,19 +57,25 @@ function watchdog_view($id) { } function watchdog_admin() { - global $op, $id, $type, $order; - - print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; - - switch ($op) { - case "help": - watchdog_help(); - break; - case "view": - print watchdog_view(check_input($id)); - break; - default: - print watchdog_overview($type); + global $user, $op, $id, $type, $order; + + if (user_access($user, "access watchdog")) { + + print "<SMALL><A HREF=\"admin.php?mod=watchdog&type=account\">account messages</A> | <A HREF=\"admin.php?mod=watchdog&type=regular\">regular messages</A> | <A HREF=\"admin.php?mod=watchdog&type=special\">special messages</A> | <A HREF=\"admin.php?mod=watchdog&type=warning\">warning messages</A> | <A HREF=\"admin.php?mod=watchdog&type=error\">error messages</A> | <A HREF=\"admin.php?mod=watchdog&type=httpd\">httpd messages</A> | <A HREF=\"admin.php?mod=watchdog\">overview</A> | <A HREF=\"admin.php?mod=watchdog&op=help\">help</A></SMALL><HR>\n"; + + switch ($op) { + case "help": + watchdog_help(); + break; + case "view": + print watchdog_view(check_input($id)); + break; + default: + print watchdog_overview($type); + } + } + else { + print message_access(); } } diff --git a/node.php b/node.php index dae4683b9407..6bbeed207ea9 100644 --- a/node.php +++ b/node.php 
@@ -5,56 +5,64 @@ page_header(); function node_render($node) { - global $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; + global $user, $id, $cid, $op, $moderate, $pid, $edit, $theme, $mode, $order, $threshold, $PHP_SELF; - if ($node->comment) { - switch($op) { - case t("Preview comment"): - $theme->header(); - comment_preview($edit); - $theme->footer(); - break; - case t("Post comment"): - comment_post($edit); - $theme->header(); - node_view($node); - comment_render($edit[id], $cid); - $theme->footer(); - break; - case t("Add comment"): - $theme->header(); - comment_reply(check_input($cid), check_input($id)); - $theme->footer(); - break; - case "reply": - $theme->header(); - comment_reply(check_input($pid), check_input($id)); - $theme->footer(); - break; - case t("Update settings"): - comment_settings(check_input($mode), check_input($order), check_input($threshold)); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - case t("Moderate comments"): - comment_moderate($moderate); - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); - break; - default: - $theme->header(); - node_view($node); - comment_render($id, $cid); - $theme->footer(); + if (user_access($node, "view content")) { + + if ($node->comment) { + switch($op) { + case t("Preview comment"): + $theme->header(); + comment_preview($edit); + $theme->footer(); + break; + case t("Post comment"): + comment_post($edit); + $theme->header(); + node_view($node); + comment_render($edit[id], $cid); + $theme->footer(); + break; + case t("Add comment"): + $theme->header(); + comment_reply(check_input($cid), check_input($id)); + $theme->footer(); + break; + case "reply": + $theme->header(); + comment_reply(check_input($pid), check_input($id)); + $theme->footer(); + break; + case t("Update settings"): + comment_settings(check_input($mode), check_input($order), check_input($threshold)); + 
$theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + case t("Moderate comments"): + comment_moderate($moderate); + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + break; + default: + $theme->header(); + node_view($node); + comment_render($id, $cid); + $theme->footer(); + } + } + else { + $theme->header(); + node_view($node); + $theme->footer(); } } else { $theme->header(); - node_view($node); + $theme->box(t("Access denied"), message_access()); $theme->footer(); } } diff --git a/search.php b/search.php index cc1dfd4b8b2a..44c58347533b 100644 --- a/search.php +++ b/search.php 
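Review bot: The new gate `if (user_access($node, "view content"))` passes the node object where every other call in this commit passes `$user`, even though `$user` was added to the `global` list two lines above for exactly this purpose; as written the check is evaluated against the wrong object and its outcome depends on how `user_access` treats a non-user argument, so either nobody can view nodes or everybody can. It should read `if (user_access($user, "view content")) {`. A short comment on the `global` line, e.g. `// $user is needed for the access check below`, would have made the slip obvious.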
@@ -4,36 +4,43 @@ page_header(); -// verify input: -$type = check_input($type); -$keys = check_input($keys); - -// build options list: -foreach (module_list() as $name) { - if (module_hook($name, "search")) { - $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n"; +if (user_access($user, "search content")) { + // verify input: + $type = check_input($type); + $keys = check_input($keys); + + // build options list: + foreach (module_list() as $name) { + if (module_hook($name, "search")) { + $options .= "<OPTION VALUE=\"$name\"". ($name == $type ? " SELECTED" : "") .">$name</OPTION>\n"; + } } -} -// build form: -$form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n"; -$form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; -$form .= " <SELECT NAME=\"type\">$options</SELECT>\n"; -$form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; -$form .= "</FORM>\n"; + // build form: + $form .= "<FORM ACTION=\"search.php\" METHOD=\"POST\">\n"; + $form .= " <INPUT SIZE=\"50\" VALUE=\"". check_form($keys) ."\" NAME=\"keys\" TYPE=\"text\">\n"; + $form .= " <SELECT NAME=\"type\">$options</SELECT>\n"; + $form .= " <INPUT TYPE=\"submit\" VALUE=\"". t("Search") ."\">\n"; + $form .= "</FORM>\n"; -// visualize form: -$theme->header(); + // visualize form: + $theme->header(); -if ($form) { - $theme->box(t("Search"), $form); -} + if ($form) { + $theme->box(t("Search"), $form); + } -if ($keys) { - $theme->box(t("Result"), search_data($keys, $type)); -} + if ($keys) { + $theme->box(t("Result"), search_data($keys, $type)); + } -$theme->footer(); + $theme->footer(); +} +else { + $theme->header(); + $theme->box("Access denied", message_access()); + $theme->footer(); +} page_footer(); diff --git a/submit.php b/submit.php index 2a78a68191b8..02b6f89595d4 100644 --- a/submit.php +++ b/submit.php 
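Review bot: The denied branch `$theme->box("Access denied", message_access());` leaves the title untranslated, while the same branch in `rating_page` in this commit uses `t("Access denied")`; change it to `$theme->box(t("Access denied"), message_access());` so both paths behave the same. Because the whole page, including the empty search form, is now inside `if (user_access($user, "search content"))`, a reader may mistake the blank result for a theme bug; a one-line comment above the guard such as `// without "search content" no form is rendered at all` would help.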
@@ -6,7 +6,7 @@ $theme->header();
-if ($user->id) {
+if (user_access($user, "post content")) {
 if ($mod) {
 module_invoke($mod, "user");
 }
@@ -25,7 +25,7 @@
 }
 }
 else {
- $theme->box("Submit", message_account());
+ $theme->box("Submit", message_access());
 }
 $theme->footer();
diff --git a/updates/2.00-to-x.xx.sql b/updates/2.00-to-x.xx.sql
index 501c4bfe0d0d..b43d97eadcb1 100644
--- a/updates/2.00-to-x.xx.sql
+++ b/updates/2.00-to-x.xx.sql
@@ -265,3 +265,16 @@ ALTER TABLE book ADD log text NOT NULL;
 ALTER TABLE node DROP pid;
 ALTER TABLE node DROP log;
 DROP TABLE headlines;
+
+ # 20/06/01
+ CREATE TABLE role (
+ rid int(10) unsigned DEFAULT '0' NOT NULL auto_increment,
+ name varchar(32) DEFAULT '' NOT NULL,
+ perm text DEFAULT '' NOT NULL,
+ UNIQUE name (name),
+ PRIMARY KEY (rid)
+ );
+
+ ALTER TABLE users ADD role varchar(32) DEFAULT '' NOT NULL;
+ ALTER TABLE users DROP access;
+ UPDATE users SET role = 'registered user';
-- GitLab
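Review bot: The migration runs `ALTER TABLE users DROP access;` and then `UPDATE users SET role = 'registered user';` without inserting any row into the new `role` table, so the old per-user access levels are discarded before they are mapped to a role, every account (administrators included) ends up pointing at a role name that does not yet exist, and — if the role administration page is itself behind a permission — there may be no account left that can create it. Seed the table in the same script, e.g. `INSERT INTO role (name, perm) VALUES ('registered user', '');` plus a row for the administrator role with the appropriate `perm` value (constructed example; use the names the module expects), and consider copying the previous `access` value into a role before dropping the column. Storing the role name in `users.role` rather than the `rid` also means renaming a role silently detaches all its users; a `rid` reference would be more robust.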